Security firm releases tool to audit SAP's HANA

The HANA modules in Onapsis' X1 security suite look for problems such as weak passwords and missing audit trails

A new tool from security vendor Onapsis aims to secure SAP's in-memory database HANA, the German company's fastest-growing data processing product.

Onapsis, a Boston-based company that specializes in SAP security, will incorporate the tool into its X1 suite, which scans for vulnerabilities and configuration problems in SAP deployments.

[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

HANA is a cornerstone of SAP's strategy to compete with Oracle and IBM. Available as a cloud service and an appliance, it's designed to process analytical and transaction workloads much faster for SAP's ERP, CRM, supply chain and business intelligence applications.

HANA became generally available last year, and SAP has called it the fastest-growing product in its history, with more than 1,000 customers at the end of 2012.

But the product is "so new that there is no real practical knowledge on how to secure it," according to Onapsis CEO Mariano Nunez.

The HANA modules in X1 perform automated scans that check if a HANA's configuration matches SAP's security guidelines for the platform. They look for problems such as missing patches, users with excessive permissions, dangerous SAP XS Engine applications, missing audit trails and weak passwords, among other issues.

The modules prioritize the risks administrators should mitigate and continuously monitor HANA for new risks, Nunez said. The HANA modules will be available in November as a free update for existing X1 customers.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies